This commit is contained in:
Jules Parker 2021-11-23 14:46:58 +01:00
Родитель b24f9f4d89
Коммит b3f4c16f4b
4 изменённых файлов: 7 добавлений и 11 удалений
content
authentication/keeping-your-account-and-data-secure
developers/apps/building-oauth-apps
pull-requests/collaborating-with-pull-requests/working-with-forks
data/reusables/repositories

Просмотреть файл

@ -67,7 +67,7 @@ There are several types of data that applications can request.
| Notifications | Notification access allows applications to read your {% data variables.product.product_name %} notifications, such as comments on issues and pull requests. However, applications remain unable to access anything in your repositories. |
| Organizations and teams | Organization and teams access allows apps to access and manage organization and team membership. |
| Personal user data | User data includes information found in your user profile, like your name, e-mail address, and location. |
| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either {% ifversion not ghae %}public{% else %}internal{% endif %} or private repositories on a user-wide level. |
| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either {% ifversion not ghae %}public{% endif %}{% ifversion ghec or ghes %}, {% endif %}{% ifversion not fpt %}internal{% endif %} or private repositories on a user-wide level. |
| Repository delete | Applications can request to delete repositories that you administer, but they won't have access to your code. |
## Requesting updated permissions

Просмотреть файл

@ -43,15 +43,15 @@ Name | Description
**`(no scope)`** | Grants read-only access to public information (including user profile info, repository info, and gists){% endif %}{% ifversion ghes or ghae %}
**`site_admin`** | Grants site administrators access to [{% data variables.product.prodname_ghe_server %} Administration API endpoints](/rest/reference/enterprise-admin).{% endif %}
**`repo`** | Grants full access to repositories, including private repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for repositories and organizations. Also grants ability to manage user projects.
 `repo:status`| Grants read/write access to {% ifversion not ghae %}public{% else %}internal{% endif %} and private repository commit statuses. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
 `repo:status`| Grants read/write access to {% ifversion not ghae %}public{% endif %}{% ifversion ghec or ghes %}, {% endif %}{% ifversion not fpt %}internal{% endif %} and private repository commit statuses. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
 `repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for {% ifversion not ghae %}public{% else %}internal{% endif %} and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.{% ifversion not ghae %}
 `public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.{% endif %}
 `repo:invite` | Grants accept/decline abilities for invitations to collaborate on a repository. This scope is only necessary to grant other users or services access to invites *without* granting access to the code.{% ifversion fpt or ghes > 3.0 or ghec %}
&emsp;`security_events` | Grants: <br/> read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning) <br/> read and write access to security events in the [{% data variables.product.prodname_secret_scanning %} API](/rest/reference/secret-scanning) <br/> This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}{% ifversion ghes < 3.1 %}
&emsp;`security_events` | Grants read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning). This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}
**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in {% ifversion not ghae %}public{% else %}internal{% endif %} and private repositories. The `repo` {% ifversion not ghae %}and `public_repo` scopes grant{% else %}scope grants{% endif %} full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
&emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in {% ifversion not ghae %}public{% else %}internal{% endif %} or private repositories.
&emsp;`read:repo_hook`| Grants read and ping access to hooks in {% ifversion not ghae %}public{% else %}internal{% endif %} or private repositories.
**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in {% ifversion not ghae %}public{% endif %}{% ifversion ghec or ghes %}, {% endif %}{% ifversion not fpt %}internal{% endif %} and private repositories. The `repo` {% ifversion not ghae %}and `public_repo` scopes grant{% else %}scope grants{% endif %} full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
&emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in {% ifversion not ghae %}public{% endif %}{% ifversion ghec or ghes %}, {% endif %}{% ifversion not fpt %}internal{% endif %} or private repositories.
&emsp;`read:repo_hook`| Grants read and ping access to hooks in {% ifversion not ghae %}public{% endif %}{% ifversion ghec or ghes %}, {% endif %}{% ifversion not fpt %}internal{% endif %} or private repositories.
**`admin:org`** | Fully manage the organization and its teams, projects, and memberships.
&emsp;`write:org`| Read and write access to organization membership, organization projects, and team membership.
&emsp;`read:org`| Read-only access to organization membership, organization projects, and team membership.

Просмотреть файл

@ -60,15 +60,11 @@ If a private repository is made public and then deleted, its private forks will
{% endif %}
{% ifversion fpt or ghae or ghes or ghec %}
{% ifversion ghae or ghes or ghec %}
## Changing the visibility of an internal repository
{% note %}
**Note:** {% data reusables.gated-features.internal-repos %}
{% endnote %}
If the policy for your enterprise permits forking, any fork of an internal repository will be private. If you change the visibility of an internal repository, any fork owned by an organization or user account will remain private.

Просмотреть файл

@ -6,6 +6,6 @@
- When [LDAP Sync is enabled](/enterprise/admin/authentication/using-ldap#enabling-ldap-sync), if you remove a person from a repository, they will lose access but their forks will not be deleted. If the person is added to a team with access to the original organization repository within three months, their access to the forks will be automatically restored on the next sync.{% endif %}
- You are responsible for ensuring that people who have lost access to a repository delete any confidential information or intellectual property.
- People with admin permissions to a private{% ifversion fpt or ghes or ghae or ghec %} or internal{% endif %} repository can disallow forking of that repository, and organization owners can disallow forking of any private{% ifversion fpt or ghes or ghae or ghec %} or internal{% endif %} repository in an organization. For more information, see "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)" and "[Managing the forking policy for your repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository)."
- People with admin permissions to a private{% ifversion ghes or ghae or ghec %} or internal{% endif %} repository can disallow forking of that repository, and organization owners can disallow forking of any private{% ifversion ghes or ghae or ghec %} or internal{% endif %} repository in an organization. For more information, see "[Managing the forking policy for your organization](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)" and "[Managing the forking policy for your repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository)."
{% endwarning %}